During the course of an Identity Finder search, anti-virus applications may create an alert for files created in a subfolder of IDFTmpDir located in the user profile folder.  This is not a problem with Identity Finder, but rather indicates that the user's system already contains one or more infected files.

The files in IDFTmpDir are created during a search, specifically and most commonly when extracting files from archives (e.g., .zip files) or when detaching them from e-mail messages.  To search these files, Identity Finder places them in a temporary folder and then attempts to open them for read access.  If the file has a virus, the act of extracting or detaching the file to the temporary folder and/or the attempt to read the file may trigger the anti-virus application (depending on its configuration). 

If Identity Finder is configured to log "Locations Searched", you may be able to determine the specific archives or messages that contain the infected file(s); however, in these instances, it is recommended that you perform a full anti-virus scan of the user's system ensuring a search within archive files and e-mail attachments.

Additional Information:

Temporary files are also created when downloading files from a website during a Websites search and can be created during other Identity Finder operations such as checking for and downloading updates or analyzing AnyFind definitions.

For additional details on the location of the user profile folder for each operating system, please refer to the Windows or Mac configuration guide.